Ethical Hacker, CBSE Lock Horns over Board Exam Portal Vulnerability

The Hindu BusinessLine — Economy/Markets
May 26, 2026

Why It Matters

The episode highlights the security risks of digitising high‑stakes examinations and pressures Indian education authorities to tighten cyber‑defences, affecting public trust and policy priorities.

Key Takeaways

  • Ethical hacker accessed CBSE's OSM testing portal, exposing data
  • CBSE claims breach limited to non-production test site, not actual marks
  • CERT‑In received report, temporarily took portal offline, but fixes incomplete
  • Ministry of Electronics backs CBSE, urging rapid remediation of vulnerabilities
  • AI‑driven cyber threats push Indian agencies to tighten digital exam security

Pulse Analysis

The Central Board of Secondary Education (CBSE) introduced its On‑Screen Marking (OSM) platform to digitise the evaluation of Class 12 board examinations, promising greater transparency and faster results. By moving answer‑book grading to a web‑based interface, the board aimed to reduce manual errors and streamline grievance handling. However, the shift also exposed a critical attack surface: a publicly reachable portal that, according to ethical hacker Nisarga Adhikary, contained a master password and other flaws that allowed unauthorized access to user data.

Adhikary posted screen recordings showing he could retrieve non‑test user information from the URL http://cbse.onmarks.co.in, a site the board later described as a ‘testing environment’ with sample data only. CBSE maintains that the production portal used for actual marks remained untouched, but the incident forced CERT‑In to temporarily shut down the vulnerable site and remove the master password. Sources in the Ministry of Electronics and Information Technology (MeitY) confirmed that the government is providing technical assistance, yet several reported vulnerabilities remain unpatched, highlighting gaps in the board’s remediation process.

The dispute underscores a growing tension between rapid digital adoption in education and the need for robust cyber‑defence. India’s CERT‑In has warned that AI‑assisted attacks can exploit static controls, urging organisations to adopt continuous monitoring and adaptive response within 12 hours where feasible. For exam authorities, this means investing in secure development lifecycles, regular penetration testing, and clear disclosure channels. Strengthening these practices will not only protect student data but also preserve public confidence in the credibility of nationwide assessments.
